CVE-2011-1168

Description

Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.

How to fix CVE-2011-1168

To remediate CVE-2011-1168, upgrade the affected package to a fixed version below.

• Debian/kde4libs—upgrade to 4:4.4.5-4 or later

Is CVE-2011-1168 being exploited?

Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4:4.4.5-4

References (18)

• ADVISORYsecunia.com/advisories/44065
• ADVISORYsecunia.com/advisories/44108
• ADVISORYwww.mandriva.com/security/advisories?name=MDVSA-2011:075
• ADVISORYwww.ubuntu.com/usn/USN-1110-1
• ADVISORYwww.vupen.com